Igaware Version 10.3.3 released #Igaware #linuxsbs

Posted on February 24, 2015 by tim

New in Version 10.3.3 [Tue Feb 24 2015]
=======================================

* New Features and Improvements *

  • Installed a new version of MySQL database server with statically linked binaries and compiler optimizations.
  • Zarafa user information is now loaded on-demand via AJAX.
  • Updated the Google perftools libraries (tcmalloc) to version 2.4
  • Updated the ClamAv virus scanner to use the new tcmalloc libraries.
  • Recompiled the Zarafa server software to use the new tcmalloc libraries.
  • Added a new email feature called “Email domain mapping”. This allows Email domains delivered via an SMTP feed to be re-mapped to individual users or groups.
  • Updated the dnsmasq DNS cache software to the latest version.
  • Allow the entry of a zero port number for firewall port input. This means “all ports”.
  • Added the smem system monitoring tool.
  • Added an index to the email activity report database table to speed up queries.
  • Re-implemented ICAL support for the Zarafa server.
  • Added common SMTP ports to list of SMTP server ports in General Email settings.
  • Changed help popups to load help text on-demand via AJAX.
  • Added Ability to specify a non-standard port for IMAP/ POP incoming accounts.
  • The USB disk backup now doesn’t fill up the Kernel Page Cache.

* Fixes *

  •  Ping scan lan in System Tools has been fixed. It didn’t matter what boxes
    were ticked.
  • Fixed a problem with the Network Interfaces configuration. Couldn’t set the Network Role to blank “—-“.
  • Solved a long running problem with the Mysql server shutdown (rc6.d kill script non-existent).
  • Fixed the browser display position of help dialog boxes.
  • Fixed a problem where the Website Filter would go in to emergency mode. (squidGuard – shoreten_tag to stop emergency mode)
  • The System Status memory graph was displaying incorrect values for “free” (rrd script)
  • User groups were not saved correctly.
  • Fixed a timing issue with USB hard drives and newer Linux kernels.
  • Fixed the reporting of backup failure messages. They were sometimes empty.
  • FTP server config’ page. The checkbox didn’t stay ticked !
  • Popup dialog boxes with Warning messages appeared empty.

Posted in Linux Small Business Server, System Updates | Tagged , | Leave a comment

Setting up BT Infinity Hub 5 with the Igaware Small Business Server #igaware

Posted on February 11, 2015 by tim

Setting up a BT Infinity Hub5 to connect the Igaware Small Business Server is achieved using the DMZ function on the BT Hub interface.

BT Hub 5

The trick is the ensure the Igaware is on the same subnet as the hub, so it can then seen by the hub, allowing it to be selected from the drop down list (under DMZ).

The hub comes by default with an IP of 192.168.1.254. So if you set the Igaware WAN connection with Interface IP of 192.168.1.252, and gateway as 192.168.1.254, then in the hub, under DMZ, you will be able to select the Igaware from the drop down list – it’ll be listed as ‘unknown’.

Couple of caveats/recommendations

  • leave DHCP on the Hub enabled.
  • to ensure IPSec VPN works, on the hub, under Advanced Settings=>VPN enable port clamping.
  • Disable wireless on the hub – you don’t want staff bypassing the Igaware Firewall!

Posted in Linux Small Business Server | Tagged | Leave a comment

VPN Tip to Help Road Warriors Connect

Posted on February 3, 2015 by tim

There is one thing worth noting when preparing for VPN connections – pick a good local subnet for your LAN.

For example, suppose you use the popular 192.168.0.0/24 subnet as your private LAN subnet. Now you are trying to connect via VPN from an Internet cafe which is using the same subnet for its WiFi LAN. You will have a routing conflict because your machine won’t know if 192.168.0.1 refers to the local WiFi gateway or to the same address on the VPN.

So, organisations would have a problem if the remote user happens to be on a 192.168.0.0/24 network when connecting back to the office.

The best solution is to avoid using 10.0.0.0/24 or 192.168.0.0/24 as private LAN network addresses. Instead, use something that has a lower probability of being used in a WiFi cafe, airport, or hotel where you might expect to connect from remotely. The best candidates are subnets in the middle of the vast 10.0.0.0/8 netblock (for example 10.66.77.0/24).

It probably won’t cause too much of a problem, but worth noting.

Posted in Hidden Gems, Linux Small Business Server | Tagged | Leave a comment

Disk Encryption for Igaware Linux Small Business Server #sbs #igaware

Posted on January 23, 2015 by tim

The Igaware Linux Small Business now supports disk encryption. This means all data including file system is encrypted. Basically no-one can remove disks and mount them to extract any data. This means all your data is secure should your server be stolen.

Encryption protects your data, and ensures compliance.

Posted in System Updates | Tagged , | Leave a comment

UPS use with the Igaware Linux Small Business Server #igaware #sbs

Posted on January 23, 2015 by tim

An uninterruptible power supply (UPS) isn’t really necessary for the Igaware Linux Small Business Server. In fact we don’t recommend putting the Igaware Linux Small Business Server on a UPS because they can be problematic; UPS batteries start to die after a year or so, causing output voltage problems and unintentional shutdowns, hangs,  etc.

The Igaware Linux Small Business Server is VERY robust to power outages. The Igaware Linux Small Business Server makes sure that disk writes are completed in a transactional manner and at any point in time all disk data is consistent. Even if the power goes off the disk state is guaranteed to be consistent. It’s know as linux “barriers” mode. Also, during a power off the desktops/ routers, etc will power off anyway, meaning that not a lot is going on through the Igaware Linux Small Business Server.

The barriers option was enabled recently, because a few naughty customers seemed to just switch everything off – including the Igaware Linux Small Business Server, routers, etc – if they had any network problems.

We will revisit the whole UPS situation, as a matter of customer choice.

Posted in Rants from a developer | Tagged | Leave a comment

Igaware Version 10.3.2 released #Igaware #linuxsbs

Posted on January 14, 2015 by tim

New Features and Improvements

  • Encryption of the File Server data disk partition is now possible.
  • Added From: and To: functionality to Spam, General and File Name whitelists.
  • Added lots of Javascript JQuery improvements to the configuration Interface.
  • Help popups are now more readable.

Fixes

  • Lots of minor bug fixes to the configuration interface.
  • Fixed a problem with the anti-spam setting of fetchmail. It now uses SMTP
    code 571.

Posted in Linux Small Business Server, System Updates | Leave a comment

Billion 8800NL Router Configuration Guide – for a more robust connection

Posted on January 13, 2015 by tim

You can connect the Igaware Linux Small Business Server to the Internet using a router of your choice, but if you choose a Billion 8800NL router you can expect connectivity to be robust.

Billion 8800NLBillion 8800NL

The Billion 8800NL combines an ADSL/ADSL2+ modem, for conventional broadband services with a VDSL2 modem for FTTC fibre broadband services. It also incorporates target SNR margin adjustment for ADSL and ADSL2+ services.

Target SNR margin adjustment with the 8800NL can significantly improve download speeds for many broadband users as it means they are no-longer dependent upon exchange Digital Line Management (DLM) systems, which can increase the target SNR margin to very high levels (substantially reducing download speed). Check out this SNR Tweak article.

Setting up the Billion 8800NL Router with the Igaware Linux Small Business Server is straight forward:

Switch the router on and connect it to a laptop via an ethernet cable. By default the router has DHCP enabled so you can access the router web admin page by opening a web browser and going to the default IP of the router 192.168.1.254

Login to the web admin page using the default user name and password supplied with the router.

From the menu select ‘Quick Start‘ and enter your ADSL username and password, then select continue.

bill-quick-start

From the menu select Configuration=>WAN and select Service pppoa_0_0_38

Billion 8800NL
Enable NAT and disable Firewall.

Now go to NAT => DMZ Host

Billion 8800NL
Set DMZ HOST IP Address to the WAN IP of the Igaware Server e.g 10.10.10.2.

Now select LAN.

bill-lan

Set IP Address e.g. 10.10.10.1 and Subnet Mask e.g. 255.255.255.0

To prevent Internet access from the WAN side of the Igaware Firewall, it’s advisable to disable the wireless interface on the router.

Posted in Linux Small Business Server, Uncategorized | Tagged , | Leave a comment

Forget PPTP – SSL is the secure way to connect to the #Igaware Linux Small Business Server

Posted on December 17, 2014 by tim

If you are using PPTP you should start using SSL instead.

PPTP has never been particularly good. In fact it is very badly engineered; it’s stateless (equals problems) and insecure.

SSL VPN overcomes these problems; it’s secure, reliable and easy to use. Setting it up on smart phones (Android/iOS) and laptops (Win/OS) is easy, with free client software available to download.

SSL VPN is intended to provide secure site-to-site communications and secure communications for home workers and “road warriors”. You can use this facility to connect remote offices and home workers together as if they are on the same LAN. There is a free Windows SSL VPN client that’s a lot easier to set up, and far more efficient than the default Windows L2TP/ IPSec client.The latest free Securepoint Windows VPN client can be downloaded from Securepoint Site. You can use this client software to connect to the SSL VPN server on the Igaware Linux Small Business Server.

There is also a MAC client called Tunnelblick.

IPhone and IPad users can download the OpenVPN Connect client from the App Store

Android users can download the OpenVPN Connect client from the Google Play Store

vpn

The Igaware Linux Small Business Server fully supports SSL VPN, and is configured easily via the Igaware Linux Small Business Server web interface under Network => VPN => SSL.

Screen Shot 2014-12-17 at 17.26.05

The defaults above should be fine. The default subnet of 10.8.0.0 has been chosen to avoid clashes with subnets of public access points that ‘road warriors’ may use to connect to the Internet. Once SSL has been enabled, go to Clients and configure (see below).

Screen Shot 2014-12-17 at 17.32.42

Client name can be anything you like. Office, for example. The server address is the public IP/hostname of your server. Once you’ve added the client, select the client you have created from the list of clients, and email the client config to yourself (or whoever). Note: If you are using a public access point in a hotel for example, you might want to tick ‘redirect all traffic through  tunnel’,  just to keep everything private.

Screen Shot SSL

Once you receive the client config on your client device, open it with your OpenVPN client and connect. Job done.

Posted in Hidden Gems, Linux Small Business Server, Uncategorized | Leave a comment

Igaware Version 10.3.1 released #Igaware #linuxsbs

Posted on December 15, 2014 by admin

New in Version 10.3.1 [Thu Dec 11 2014]
=======================================

* New Features and Improvements *

  • Added a warning if form data is changed but not saved, when a page is
    unloaded.
  • Redesigned the SSL VPN configuration to allow very easy client deployment.
  • The Spam whitelist now allows ‘host:’ prefix to specify the sending host.
  • Finished development of the dynamic DNS service. Three methods can now be used
    to update the IP address.
  • Added Spam rules to block Fax spam.
  • Updated PEAR PHP Mail packages.
  • Updated Openswan to version 2.6.42
  • The Zarafa backup now doesn’t overwrite the last backup unless the current\ mysqldump succeeds.
  • Tidied up some forms.
  • Re-compiled the LIBXML2 libraries – xmllint not linked to libhistory.

    * Fixes *

  • Fixed a problem with the Log Viewer.
  • Fixed a problem with the client SSL VPN configuration. The LAN network route
    was not pushed to the Securpoint OpenVpn client for Windows.
  • File server passwords containing a ‘!’ character where not set properly.
  • Fixed the System Status User Disk Report. Sub-directories were not counted in the Total result.
  • Tidied up the HTML for the console status “Event History”.
  • Fixed the IPSec connection form. Remote and local id blanked if dynamic
    gateway selected.
  • Fixed a problem when setting the default network route. The route was set to
    the currently edited interface.
  • Fixed a problem with Zarafa Groups. Replying to a group resulted in unexpected
    recipients – no email address specified.
  • Fixed a bug in the Samba4 script.

Posted in Linux Small Business Server, System Updates | Leave a comment

Igaware Version 10.3.0-2 released #Igaware #linuxsbs

Posted on November 11, 2014 by tim

* New Features and Improvements *

  • Dynamic DNS. We have added support for several Dynamic DNS providers to the Network administration section.
  • The server time is now updated at boot time via NTP and the BIOS clock is reset.
  • Updated the dmidecode system executable.
  • Config interface improvements

* Fixes *

  • Fixed a problem with the Port Forwarding network page.
  • Winbinnd. Fixed a problem with the SAMBA Winbinnd daemon. At start-up the old ( pre v4) config file was used.
  • MySQL, Changed the startup behaviour. By default the Mysql server will restart itself if it crashes. IOHO, this is not good. We want the server to stop on a crash so that the cause can be investigated.
  • System Health monitor. The warning email sender domain is now selected based on valid MX records.
  • Fixed a problem with passwords when used with Zarafa. Dollar signs within the password were not escaped properly.
  • Several small fixed to Samba. The os level configuration parameter has been removed.

New in Version 10.3.0-1 [Mon Oct 27 2014]
=========================================

* Fixes *

  • Security – Installed newest OpenSSL libraries.
  • Security – Installed newest SSH package.
  • Fixed some problems with the configuration interface.
  • Fixed an HTML layout problem within the email activity report.

New in Version 10.3.0 [Sun Oct 19 2014]
=======================================

* New Features and Improvements *

  • Re-written the Igaware configuration interface to comply with HTML-5.
  • Updated Zarafa to the latest version – 7.1.11
  • Updated Mysql to the lastest version.
  • Updated the ClamAV AV software to version 98.4
  • Added a new option to Activity Reporting=> Clear Logs. You may now specify the Days worth of activity to keep. Previously, this was hard coded to 95 days.
  • Updated the closed-source Zarafa binaries to the latest version.
  • Added a “brick level” Zarafa backup option.
  • The Igaware Backup now stores catalogue information as compressed files on the fly. This massively reduces the memory requirments during the backup process.
  • Improved the reliability of PPTP connections from an Apple iPad.
  • All hard disk drives now have their write-caches disabled.
  • Improved the AV health checking script. The test now takes 1 second rather than 40.
  • Recompiled the NTP server to add Samba signed NTP time support.
  • Modified the NTPD daemon to include signed NTP.
  • Added mod_deflate to the HTTP server configuration to allow on the fly compression of network payload.
  • ClamAV Anti-virus. The signature database update script has been rewritten. We now include the securiteinfo database.
  • Added Grub boot options to allow boot into single user mode and to skip the FSCK disk check.
  • The SAMBA-4 upgrade script now calls “convmv” to convert iso to utf-8 filenames in fileserver space.
  • Added date picker UI to the Activity Log Cleardown page.

* Fixes *

  • Zarafa Search – fixed a problem with Zarafa Search, the Zarafa search indexer.
  • Log Viewer – fixed the display of Rsync Backup logs in the System=> Log viewer.
  • Mail Scanner – fixed a problem when an email was identified as Spam via the Virus Scanner. A very small number of emails would be reported as being a Virus instead of Spam.
  • Zarafa Backup – fixed a problem where the failure of the Zarafa email backup would not be reported properly.
  • FIXED – zero conf file size when /var out of space TODO
  • Web Site Blocking – fixed a problem where the schedule was enabled when it shouldn’t have been
  • Email Activity report – Uppercase usernames were not searched.

New in Version 10.2.0-1 [Wed July 29 2014]
=========================================

* New Features and Improvements *

  • [ for 10.2.0-1 ] Updated the Windows Software (Samba) to version 4.
  • [ for 10.2.0-1 ] Updated the Fetchmail (POP/IMAP retrieval) software.
  • Updated the Zarafa Server to the newest version of 7.1.10. This supports Click To Run ( CTR) Outlook versions. The Zarafa Client software will now automatically update to the latest version.
  • Updated the POP/IMAP Fetchmail program to the latest version.
  • Added the Zarafa search indexer for fast searching of Zarafa folders.
  • Added “Send Queue Now” to the System Status=> Email Queue Status page. If selected, then immediate delivery of all emails in the Queue will be attempted.
  • Added the Load Balance WAN interface failover status to the System status page.
  • Updated several libraries.
  • Installed an NTP Server. The Igaware box can now act as an NTP time server for LAN clients.
  • Installed a new NTP package to replace the previous xntp3 package.
  • Installed the latest OpenLDAP package.
  • Improved the Test Internet Connection. It now tests for connectivity to the Igaware Update servers. ( Now tries updates.igaware.com on port 873).
  • RAID devices with a new superblock format can now be started at boot time, using /etc/rc.sysinit.extra.first
  • Installed the CLucene search libraries for the Zarafa search indexer.
  • [ for 10.2.0-1 ] Updated the DOS filesystem tools.
  • [ for 10.2.0-1 ] Changed the memory usage bar chart on the System Information page. Now doesn’t show memory Usage in red, only for swap over 15%.
  • [ for 10.2.0-1 ] Installed the latest BIND DNS nameserver software.

* Fixes *

  • Fixed getFileParams so that a ‘=’ can be included in a value if the delimiter = ‘=’
  • Fixed the load balance and pppoe watchdogs to use -I iface in ping instead of the IP address of the interface.
  • [ for 10.2.0-1 ] Fixed a problem with the new Fetchmail software package.

New in Version 10.2.0 [Fri July 04 2014]
=======================================

* New Features and Improvements *

  • Updated the Zarafa Server to the newest version of 7.1.10. This supports Click To Run (CTR) Outlook versions. The Zarafa Client software will now automatically update to the latest version.
  • Updated several libraries.
  • Installed an NTP Server. The Igaware box can now act as an NTP time server for LAN clients.
  • Installed a new NTP package to replace the previous xntp3 package.
  • Installed the latest OpenLDAP package.
  • Improved the Test Internet Connection. It now tests for connectivity to the Igaware Update servers. ( Now tries updates.igaware.com on port 873).
  • RAID devices with a new superblock format can now be started at boot time, using /etc/rc.sysinit.extra.first

* Fixes *

  • Fixed getFileParams so that a ‘=’ can be included in a value if the delimiter = ‘=’
  • Fixed the load balance and pppoe watchdogs to use -I iface in ping instead of the IP address of the interface.

Posted in Linux Small Business Server, System Updates | Leave a comment